Results tagged “Julian Assange” from WikiLeak

It looks as if WikiLeakS.org / Julian Assange's stupid decision to abandon use of PGP encryption, back in 2007 has come home to roost, with the revelation that they idiotically re-used a symmetric encryption key password and ineptly published a full archive of the controversial US Embassy / State Department Diplomatic Cables on BitTorrent peer to peer file sharing networks

The fact that they published this unredacted archive at all via BitTorrent shows how chaotic and incompetent Julian Assange and his motley crew of inexperienced acolytes had become after Daniel Domscheit-Berg and the "Architect" left them.

The end result is that there are now many people around the world, including all the repressive governments mentioned in the quarter of a million Diplomatic cables who can now simply search for key words like (strictly protect), to find the names of informants and information sources who have been in contact with US Embassy diplomats and who could therefore now be easily persecuted.

See the Cryptome.org for a direct file link to z.gpg or to this torrent link to the same encrypted compressed file via BitTorrent peer to peer filesharing.

John Young's evident glee that WikiLeakS.org have now published the full, unredacted archive of US Diplomatic Cables, is, in its own way, just as reprehensible as Julian Assange's indifference to the fate of vulnerable individual human beings named in the cables.

He of all people should know that the US Government neither has the time, the money , nor the inclination, nor the bureaucratic efficiency to warn or protect the hundreds of named informants or contacts, which have now been betrayed to the world, an action which has been universally condemned by WikiLeakS.org's former mainstream media partners and by human rights organisations.

This is in addition to the names of political dissidents who were in contact with the US Embassy in Belarus which Assange has already handed over to the Lukashenko dictatorship via the holocaust denier Israel Shamir.

Some "open source" / "full disclosure" advocates are making the spurious claim that the publication by WikiLeakS.org of the unredacted cables.csv and onto their searchable web site front end, is somehow better for any political dissidents or confidential sources who had dealings with the US Embassies and whose names are tagged with (strictly protect) and other markers.

Firstly, not all political dissidents in repressive countries have access to the internet at all, let alone to fast, secure, anonymous connections which would allow them to download the massive cables.csv file itself or to use the (insecure) WikileakS.org cable search websites.

None of these websites employ SSL Digital certificates or provide Tor Hidden services etc. to mask the identities of people searching for their own names or those of their family or friends.

Some of the people mentioned in the US Embassy cables several years ago, could in fact be in prison or under investigation for other reasons in 2011, without any or without any safe internet access at all. Being named as having been in contact with the US Embassy, even several years ago, could easily lead to charges of espionage etc. in insane countries like Iran.

Julian Assange's disregard for the Sensitive Personal Data of innocent individuals and his organisation's utter incompetence at handling such data securely, is indistinguishable from that displayed by many of the government bureaucracies you would expect him to be opposed to. Do not to trust him or WikiLeakS.org with any future whistleblower leak material, Find another post WikiLeakS.org website or organisation instead - see the listing and analyses at LeakDirectory.org wiki.

WikiLeakS.org and PGP Public Key Encryption

WikileakS.org abandoned even their limited use of PGP Encryption with the public or with the media, back in 2007, when they let their published PGP key expire.

If they had been using Public Key Cryptography last year, to encrypt correspondence or documents or files using their recipients' individual Public Keys, then there would have been no password for the incompetent WikiLeakS.org activists to re-use .

Every copy of the controversial cables.csv file could have been encrypted with a different recipient's Public Key and would have had a different symmetric encryption key (which no human would could have been capable of revealing, even under torture).

Not even WikiLeakS.org / Julian Assange could have decrypted a seized or intercepted or publicly leaked copy of such an encrypted file, only the recipient with access to his or her own private decryption key could have done so.

Either Julian Assange is ignorant of how to use Public Key Cryptography (hardly likely for someone who has tried to write cryptographic software himself) or he and the #wikileaks twitter feed are lying again:

@ABCTech It is false that the passphrase was temporary or was ever described as such. That is not how PGP files work. Ask any expert.

6.32 AM September 1st 2011

To decrypt a file encrypted with PGP using a recipient's Public Key, you need to have physical access to the Private De-Cryption key, which is not accessible to anyone who copies or intercepts the encrypted file in transit.

Obviously the password which unlocks the Private De-Cryption Key from your PGP Keyring can be changed.

Symmetric encryption unprotected by Public Key encryption is just an option with PGP, but that is not how PGP is designed to be used to protect files in transit over the internet or on vulnerable USB memory sticks !

There was nothing, except for laziness or incompetence, which prevented Julian Assange or his followers from securely destroying the symmetrically encrypted cables.csv compressed file archive immediately after he gave it to David Leigh and then re-encrypting it from the master copy with a different key and passphrase. This master copy , we assume, given the dispute between Julian Assange and Daniel Domscheit-Berg, would have been held on a separately encrypted computer file system anyway.

The award winning investigative journalist at The Guardian newspaper David Leigh's book:

did reveal on pages 138 to 139 an unnecessary password, which he rightly assumed would only be a temporary one, but which should never have been re-used by Julian Assange in the first place.

Leigh refused. All or nothing, he said. "What happens if you end up in an orange jump-suit enroute to Guantánamo before you can release the full files?" In return he would give Assange a promise to keep the cables secure, and not to publish them until the time came. Assange had always been vague about timing: he generally
indicated, however, that October would be a suitable date. He believed the US army's charges against the imprisoned soldier Bradley Manning would have crystallised by then, and publication could not make his fate any worse. He also said, echoing Leigh's gallows humour: "I'm going to need to be safe in Cuba first!"

Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:ACollectionOfHistorySince_1966_ToThe_PresentDay#. That's the password," he said. "But you have to add one extra word when you type it in. You have to put the word '"Diplomatic' before the word 'History'. Can you remember that?"

"I can remember that."

Leigh set off home, and successfully installed the PGP software. He typed in the lengthy password, and was gratified to be able to download a huge file from Assange's temporary website.

So having given Leigh instructions about downloading and installing PGP software, Julian Assange failed to instruct him to generate a Public / Private key pair and to send him the Public Key, so that Julian could individually encrypt the the cables.csv compressed archive just for David Leigh and nobody else.

At the face to face meeting described in the book, Julian Assange could easily have given David Leigh a copy of a WikiLeakS.org Public Encryryption Key for him to install when he set up the PGP software on his laptop as instructed, or pointed him to an online version.

They could have agreed a pre-shared secret for extra authentication.

David Leigh could then have been instructed to generate his own Public / Private keypair (protected in his PGP Keyring by his own strong passphrase) and to send a Digitally Signed and Encrypted copy of his Public Key back to Jullian Assange via email etc. together with the pre-shared authentication secret, all encrypted with the WikiLeakS.org Public Key. This should have been sufficient cryptographic proof that David Leigh's Public Key was the correct one, since nobody else apart from Julain Assange / WikiLeakS.org could have read the contents of that message.

Julian Assange could then have encrypted the compressed cables.csv file with David Leigh's Public Key and pointed him to the secure website he had set up for the encrypted file to be downloaded from

This encrypted file could only have been de-crypted by someone in possession of both David Leigh's passphrase and the corresponding Private Key in the PGP Keyring on David Leigh's MacBook laptop.

If WikiLeakS.org had been regularly using PGP over the years, even inexperienced members of the cult would have been familiar with these simple, well documented concepts.

If that copy of the encrypted file had somehow been published by the incompetent WikiLeakS.org crew on BitTorrent, then only David Leigh could have decrypted it (assuming he was still in control of his PGP Keyring on his laptop computer) , even if he had published his own pass phrase in his book, rather than Julian's rather pompous one.

7-Zip compression

Then he realised it was zipped up - compressed using a format called 7z which he had never heard of, and couldn't understand.

The .7z file extension is used by 7-Zip . This is freely available over the internet, on various computing platforms and does offer more options for better compression than the standard .zip compression utilities which are built in to modern versions of the Microsoft Windows or Apple OSX operating systems, at the cost of longer compression times and more use of memory.

The 7-Zip Ultra compression option seems to be what the cables.csv file was compressed with down to i.e. only 21 % of its original size.

However to achieve this amount of compression on such a big file could take quite a while, perhaps up to an hour on an average PC. Unzipping is much quicker, a couple of minutes at most.

Compression is also built in to the PGP / GnuPG encryption software, but that produces a compressed file of about 640 MB i.e. about twice that of the of the 7-Zip version, about 41% of the original size of the monolithic cables.csv file.

Like most .zip compression software these days, 7-Zip also offers encryption, using the same AES 256 bit algorithm used by default by GnuPG / PGP, but Assange et al did not bother to make use of that.

He got back in his car and drove through the deserted London streets in the small hours, to Assange's headquarters in Southwick Mews

Assange was staying at Vaughan Smith's Frontline Club for investigative / foreign / war correspondent journalists, owned by Vaughan Smith, in whose Norfolk country estate has bedrooms at numbers 7 and 9 Southwick Mews

Now, isolated up in the Highlands, with hares and buzzards for company, Leigh felt safe enough to work steadily through the dangerous contents of the memory stick.

So, in the end, Julian Assange in fact actually handed over an unencrypted copy of the file to David Leigh, on an easily lost or stolen USB memory stick. If Assange really cared about protecting innocent people from evil governments, then he would not have allowed this to happen.

It is astonishing how the WikiLeakS.org cult propaganda machine has deluded itself that somehow it was David Leigh and The Guardian which was responsible for this cryptographic and internet publication incompetence, rather than the alleged technological privacy and anonymity expert Julian Assange and his supposedly expert helpers.

TextWrangler keyword search

Obviously there was no way that he, or any other human, could read through a quarter of a million cables. Cut off from the Guardian's own network, he was unable to call up such a monolithic file on his laptop and search through it in the normal simple-minded journalistic way, as a word processor document or something similar: it was just too big. Harold Frayman, the Guardian's technical expert, was there to rescue him. before Leigh left town, he sawed the material into 87 chunks, each just about
small enough to call up and read separately.

Probably 19 Megabytes for each of 86 chunks with a little bit left over in the 87th chunk.

Then he explained how Leigh could use a simple program called TextWrangler

TextWrangler is the "little brother" of BBEdit and is only available for the Apple Macintosh platform. David Leigh's laptop computer.is stated to have been a MacBook elsewhere in the book.

to search for key words or phrases through all the separate files simultaneously, and present the results in a user-friendly form.

So why had Julian Assange or his WikiLeaks acolytes not already broken the 1.6 Gigabyte file down into usable chunks and zipped them up into, ideally, several archive files for their mainstream media partners ?

This WikiLeak.org blog has criticised them in the past for not offering (multiple) floppy disk or even CD-ROM sized versions of their whistleblower leaks documents, as well as just large monolithic files.

Not everybody, especially people in third world countries under repressive governments, or even people using mobile internet devices, has access to fast broadband internet connections.

Is this the end of WikiLeakS.org ?

Now that WikiLeakS.org have no more secrets left to publish, will they actually get around to re-inventing themselves and re-launching a secure anonymous system without the destructive influence of Julian Assange ?

Or will the cult continue regardless and just get dragged into long legal cases ?

Tags:

More evidence that Wikileaks' abuse of Twitter, instead of issuing proper, detailed Press Releases on their official website, gives the impression of either incompetent "investigative journalism" or just plain anti-US Government hate propaganda.

When did this happen ? Is that the then US President or the Romanian President doing the promising ? What sort of "killing" ?

It turns out to be the newly elected Romanian President, back in 2005 (over 6 years ago). The "killing" turns out to have the result of a traffic accident, probably involving drink driving by the US Marine who had diplomatic immunity as part of the US Embassy staff.

If you take this selective misquote from the diplomatic cable at face value you get the impression that the US Marine was to get off scot free due to some sort of political deal.

However if you actually bother to read the diplomatic cable which Wikileaks have published, in their current, "we don't care about anybody's personal information" data dump:

25.(C) Finally, the December 2004 accident involving the U.S. Embassy Marine Security Guard detachment commander that led to the death of Romanian rock star Teo Peter received wide press coverage and created public outcry. Basescu and his government are under considerable political pressure to make sure justice is done in a Romanian Court. Naturally, given that Marine Corps legal proceedings against the former detachment commander have not even begun, the question of extradition and lifting of the Marine's immunity cannot even be addressed at the present time. Nevertheless, PM Tariceanu and FM Ungureanu may ask for the Marine's return, possibly repeating a promise made earlier to our Ambassador by Basescu that the former detachment commander would receive a fair trial and, regardless of outcome, would not serve a single day in prison in Romania.

The deliberate omission of the words "in Romania" completely changes the meaning of the Tweet.

The democratically elected government of Romania is promising a fair trial and repatriation to the USA to serve any prison sentence , if the US Marine was to be found guilty of any charges. This is the normal, civilised state of affairs with most Extradition treaties around the world.

If this deliberately misleading Tweet was from the army of Wikileaks cult hangers on, that would be bad enough. Wikileaks could, if pushed, issue an apology, and disassociate themselves from such alleged "supporters".

However this distortion of the truth is from the "official" Julian Assange controlled

https://twitter.com/wikileaks feed.

Any post-Wikileaks whistleblower websites should learn the lessons from Wikileaks and Julian Assange's increasingly inept handling of the mainstream media and social media.

The levels of disinformation, hype and spin which Wikileaks now relies on make them at least as untrustworthy as any Government or big business public relations spin doctors and propagandists.

The mainstream media have plenty of other, more current, more newsworthy stories to report on, so the effect of the publication of these diplomatic cables is now increasingly marginal and they are only of academic interest to future historians and to the world's intelligence agencies.

Why is there still no functioning WikiLeakS.org document submission system ?

It is puzzling why WikiLeakS.org, with all its army of cult followers and vastly more money than many other whistleblowing websites, has not re-launches itself with a secure, anonymous whistleblower leak submission system, so many months after it shut down.

See LeakDirectory.org for links to many of these and some analysis of the anonymity and security strengths and weaknesses of several of them.

The answer must be that Julian Assange does not want to relinquish any control or to be democratically accountable or transparent.

N.B. to be clear this WikilLeak.org blog is very often critical of Julian Assange for his control freakery, deceit, and disregard for other people's private personal data, but we do not think that he should be extradited to the USA to face espionage or other charges.

The European Arrest Warrant should not be allowed to be used to extradite Assange to Sweden from the United Kingdom for "investigation" purposes, without cross examination in a UK Court of prima facie evidence against him in the sordid sex allegations case.

Tags:

Julian Assange does not seem to be waiting for any alleged US government plot against WikiLeakS.org to succeed - he is managing to destroy any public trust or credibility which the WikiLeakS.org project used to have, all on his own.

The "Confidentiality Agreement" with which he has bullied his gullible staff of "young activist" in the UK looks like the evil scheme of a bureaucratic control freak, who could easily be working for a repressive dictatorship.

Julian Assange's attempt to gag his cult followers, even against revealing the existence of the Confidentiality Agreement itself, makes it impossible to trust him when he hypocritically utters words like "transparency" or "public accountability".

I refused to sign Julian Assange's confidentiality agreement because it would have been not just ironic, but dangerous

James Ball
guardian.co.uk, Thursday 12 May 2011 17.43 BST

Yesterday, media lawyer and legal blogger David Allen Green published the full text of the gagging order signed by almost all WikiLeaks employees earlier this year.

It's an extraordinary document. WikiLeaks staffers face a £12m penalty if they reveal any information about WikiLeaks' day-to-day operations, let alone any documents given to the whistleblowing organisation.

In a move reminiscent of the UK's reviled superinjunctions, even revealing the existence of the gagging order is itself a breach.

[...]

Yes, it was my copy of the agreement that was published.

[...]

But this document deserves to be in the public domain. Having worked for several media organisations, both print and broadcast, I'm used to confidentiality provisions.

The WikiLeaks document is by orders of magnitude the most restrictive I have ever encountered. Legal experts consulted about the document agree.

[...]

WikiLeaks is not democratically accountable. Julian's argument that it is accountable because it is funded by donations could just as equally be made of KKK, or the BNP. It has no board, or no oversight. If any organisation in the world relies on whistleblowers to keep it honest, it is WikiLeaks.

In such circumstances, silencing dissent is not just ironic, it's dangerous. WikiLeaks needs to get out of the gagging game.

Clause 5 of this "Confidentiality Agreement" (PDF) imposes a penalty of "£12,000,000 - twelve million pounds sterling" on anyone who breaches this legal gag.

[...]

Other parts of the legal gag are just as extraordinary. The second recital paragraph, "B", provides that - like a superinjunction - the fact of the legal gag itself is subject to the gag.

So is "all newsworthy information relating to the workings of WikiLeaks". On the face of it, even revealing one is under this agreement could result in a £12m penalty, as would sharing information on how the directors conduct the organisation.

The fifth recital paragraph, "E", is just as astonishing. It purports to extend what WikiLeaks can sue for beyond any direct loss that it might suffer if the gag is breached. WikiLeaks says it can sue for both "loss of opportunity to sell the information to other news broadcasters and publishers" and "loss of value of the information".

[...]

However, for some time it has been apparent that WikiLeaks and its founder Julian Assange have had a "pick'n'mix" attitude to legal obligations. They seem to feel free from any restrictions in respect of confidentiality and official secrecy; but on the other hand they make routine legal threats, especially against the Guardian, so as to uphold their perceived rights to their supposed commercial "property" - leaked, sensitive information. Abidance by the law is, it would seem, something for other people.

Tags:

The Wired.com Danger Room preview article WikiLeaks Defector Slams Assange In Tell-All Book by Kim Zetter, about Daniel Domscheit-Berg's forthcoming book, seems to confirm many of the suspicions and speculations about the apparent internal rifts within the WikiLeakS.org project, which this blog has commented on over the years.

[...]

WikiLeaks founder Julian Assange lost control of his site's submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization's top defector, who accuses Assange of routinely exaggerating the security of the secret-spilling website and lying to the public about the size and strength of the organization.

Although WikiLeaks has claimed for months that its submission system is down due to a backlog of documents it has no time to process, Daniel Domscheit-Berg writes in Inside WikiLeaks that he and a top WikiLeaks programmer seized the submission system when they defected from the organization last September, along with documents in the system at the time.

[...]

Last August, in the wake of rape allegations against Assange as well as criticism that the site had mishandled the names of informants in Afghan documents the site published with media partners, Domscheit-Berg and two WikiLeaks programmers fed up with the way things were being run, staged a halfhearted mutiny. They disabled the WikiLeaks wiki and changed the passwords to the Twitter and e-mail accounts. In response, Assange shut down the whole system, causing the mutineers to cave in. But within weeks, Domscheit-Berg and one of the programmers had left WikiLeaks for good and taken the submission system with them.

They seized the system because they had doubts Assange would handle the documents securely, due to lack of care he had allegedly shown for submissions in the past.

"Children shouldn't play with guns," Domscheit-Berg writes. "That was our argument for removing the submission platform from Julian's control ... We will only return the material to Julian if and when he can prove that he can store the material securely and handle it carefully and responsibly."

The submission system had been recrafted by the programmer, whom Domscheit-Berg refers to only as "the Architect", after he became frustrated with the jerry-built infrastructure Assange, and perhaps others, had set up when Wikileaks launched in December 2006, according to the book. WikiLeaks had been running on a single server with sensitive backend components like the submission and e-mail archives connected to the public-facing Wiki page. The Architect separated the platforms and set up a number of servers in various countries.

In a statement Wednesday, WikiLeaks essentially confirmed Domscheit-Berg's version of why the site's submission system is missing. The organization said the system remains down months after Domscheit-Berg left because his "acts of sabotage" forced the organization to "overhaul the entire submission system" and the staff lacks time to do so.

The statement does not explain why Assange had previously claimed the submission system was down by design to stop an already huge backup of documents from growing even larger.

Domscheit-Berg writes that he and the Architect won't release the unpublished documents and will return them to WikiLeaks once Assange builds a secure system. Noting that the current site has no SSL support, Domscheit-Berg warns that anyone who visits the site to read submission instructions could be monitored.

"The current system has become a security risk for everyone involved," he writes.

Domscheit-Berg told Threat Level in an interview on Sunday that the hijacked leaks only include those submitted since the time the system came back online in July following an outage, and the time it went down permanently. Anything submitted before then, or via other methods, would still be in Assange's possession.

[...]

Domscheit-Berg began working with Assange after meeting him at a hacker conference in Germany in December 2007. Although WikiLeaks claimed to have hundreds of volunteers and an untold number of staffers, the organization consisted essentially of Assange and Domscheit-Berg, who pored through submissions, did little more than simple Google searches to verify documents and posed as non-existent staffers in e-mail and other correspondence to make WikiLeaks seem heftier than it was.

The two were later joined by "the Technician" in 2008 and "the Architect" in 2009, both of whom assumed responsibility for the technological infrastructure, while Assange and Domscheit-Berg handled content and media relations. That is, until internal fighting began in 2009. Initially, the fights were over Assange's lack of transparency in handling donated funds, but eventually encompassed everything from the security of sources and submissions, to Assange's lack of trust in Domscheit-Berg, and Assange's relations with women.

[...]

When journalists asked about problems with WikiLeaks' infrastructure, Domscheit-Berg would purposely confuse them with technobabble. He writes that it was amazing how often their obfuscation strategy worked. "To create the impression of unassailability to the outside world, you only had to make the context as complicated and confusing as possible," he writes. "It was the same principle used by terrorists and bureaucrats. The adversary can't attack as long as he has nothing to grab hold of." The truth was, he notes, their "technical infrastructure was a joke and irresponsible. If someone knew where the server was located they could have shut WL down permanently ... We were acting irresponsibly, playing a risky game with our sources' trust and our supporters' donations."

Until WikiLeaks began working with media partners in 2010, it did little vetting of submissions beyond simple Google searches to see if documents seemed legitimate. This proved to be a problem when someone identified in a Julius Baer document as having a secret Swiss bank account claimed he'd been misidentified. Domscheit-Berg says the source who gave them the documents had also "included some background information he had researched about the bank's clients." But the source had apparently confused a Swiss account holder with a German man who had a similar name. When the German threatened to sue for slander, Assange and Domscheit-Berg added a caveat to the document saying, "according to three independent sources" the information might be false or misleading. The three independent sources, however, didn't exist. Domscheit-Berg says they made them up.

Assange will appear before the City of Westminster Magistrates Court on December 14 when his lawyers are expected to outline their case against extradition and make a renewed bail application.

The WikiLeaks founder has indicated he will fight all the way to the High Court which could take over a year.

Legal sources believe he may argue to stay in Britain on the grounds that any trial in Sweden would be prejudiced because of his political notoriety.

He could take his case to the High Court and even the Supreme Court on 'a point of law of general public importance' which could take around two years to resolve.

If that fails, he could take the case to the European Court of Human Rights.

If he were to be extradited to Sweden what would happen?

Assange is likely to be immediately charged with rape. He would face a trial by a judge as Sweden does not have a jury system for criminal cases. If convicted he faces up to six years in jail. On release he could face the prospect of extradition to other countries.

Can the US extradite him from Britain?

His detention yesterday on a European Arrest Warrant means that Sweden's request would take precedence over any extradition bid from America. Only if a district judge refused Assange's extradition to Sweden, could the US apply to have him extradited there.

Can the US extradite him from Sweden?

US Attorney General Eric Holder claims to be taking 'significant steps' in a probe into the leaks, but it is unlikely that America will ever get its hands on Assange. The US has had an extradition treaty with Sweden since the 1960s, when the nations agreed to 'make more effective the co-operation of the two countries in the repression of crime'.

But extradition is likely to face a number of obstacles, not least the fact that the likely charges facing Assange in the US - under the Espionage Act or other legislation protecting national security - are not included in the exhaustive list of offences set out in the law.
Extradition is barred for military or political offences, under Swedish law.

There may also be issues of jurisdiction, since the offences Assange is alleged by the US to have conducted did not take place within the country.

Any extradition from Sweden to other countries could take place only after the current rape proceedings have been concluded.

[...]

We note that the Extradition case involving Gary McKinnon, who is accused of hacking in to US Military NIPREnet systems has lasted over 8 years now. This is another case involving US government pride and computer system incompetence, which has resulted in plenty of political pressure from the US Government.

See FreeGary.org.uk for the full panaoply of Extradition Hearings, Submissions to the Home Secretary, Appeals to the High Court, Judicial Reviews, Appeals to the House of Lords (now to the UK Supreme Court), Appeals to the European Court of Human Rights in Strasbourg. etc.

It looks as if Julian Assange will also now fall foul of the hated previous Labour governmet's controversial Extradition Act 2003, which prevents even incomplete prima facie from being heard and cross examined by defence lawyers in a British court, if the Extradition request is from a European Arrest Warrant country like Sweden or from the USA.

Gary McKinnon has been free on bail throughout his Extradition case, but others facing Extradition to the USA, such as British born computer techniocian Babar Ahmed have been locked up in high security prisons, without trial for even longer.

Tags:

Der Speigel reports:that "Daniel Schmitt", now named in public as Daniel Domscheit-Berg, who has shared platforms with Julain Assange as the (English speaking) German spokesman for the WikiLeakS.org project, especially at the annual Chaos Computer Congress, is set to resign:

A dispute has broken out within the leadership of WikiLeaks, the website known for publishing classified documents including the Afghanistan war logs. In an interview with SPIEGEL, WikiLeaks' German spokesman has said he will leave the organization as a result of rows with founder Julian Assange.

In a SPIEGEL interview to be published in the next issue, Daniel Schmitt, the German spokesman for WikiLeaks discusses the deficiencies within the whistleblower platform, criticizes internal fighting in the organization and announces his resignation.

"We all had an insane amount of stress in recent months," he told SPIEGEL. "A few mistakes happened, which is OK, as long as people learn from them. For that to happen, though, one has to admit them. We have lost the faith that we are all pulling together."

In recent months WikiLeaks landed a string of spectacular coups, including the publication of 77,000 secret United States military logs from the war in Afghanistan. Schmitt criticized the fact that the platform has been too focused on large projects and that, in doing so, it has neglected smaller, national documents.

He also blamed that on WikiLeaks founder Julian Assange. "I tried again and again to push for that, but Julian Assange reacted to any criticism with the allegation that I was disobedient to him and unloyal to the project." He said he had come to disagreements with Assange and that other co-workers were also unhappy.

"There is a lot of displeasure there and some others, like me, will pull out," he told SPIEGEL. Out of fears of attacks, WikiLeaks' German spokesman had called himself Daniel Schmitt up until now. In his SPIEGEL interview, however, he revealed his real name for the first time: Daniel Domscheit-Berg.

Will the WikiLeaKs.org project now collapse or will it change to become more transparent and accountable ?

Will the people who are deeply unhappy with it start a new rival project, with their experience of WikiLeakS.org success and failures, or are they so fed up with it that they will go back to their normal lives and concentrate on their many other pro bono and voluntary activities instead ?

Tags:

In a front page editorial, Julian Assange gives some more details of the surveillance and harassment of himself and other WikiLeakS.org people in Iceland and on the way to a conference about investigative journalism Norway.

[...]

We have discovered half a dozen attempts at covert surveillance in Reykjavik both by native English speakers and Icelanders. On the occasions where these individuals were approached, they ran away. One had marked police equipment and the license plates for another suspicious vehicle track back to the Icelandic private VIP bodyguard firm Terr. What does that mean? We don't know. But as you will see, other events are clear.

Perhaps it means that Iceland will not become quite the transparent and publicly accountable "investigative journalism publishing data haven", which WikiLeakS.org and the Icelandic Modern Media Initiative hope for.

U.S. sources told Icelandic state media's deputy head of news, that the State Department was aggressively investigating a leak from the U.S. Embassy in Reykjavik. I was seen at a private U.S Embassy party at the Ambassador's residence, late last year and it is known I had contact with Embassy staff, after.

On Thursday March 18, 2010, I took the 2.15 PM flight out of Reykjavik to Copenhagen--on the way to speak at the SKUP investigative journalism conference in Norway. After receiving a tip, we obtained airline records for the flight concerned. Two individuals, recorded as brandishing diplomatic credentials checked in for my flight at 12:03 and 12:06 under the name of "US State Department". The two are not recorded as having any luggage.

Iceland doesn't have a separate security service. It folds its intelligence function into its police forces, leading to an uneasy overlap of policing and intelligence functions and values.

On Monday 22, March, at approximately 8.30pm, a WikiLeaks volunteer, a minor, was detained by Icelandic police on a wholly insignificant matter. Police then took the opportunity to hold the youth over night, without charge--a highly unusual act in Iceland. The next day, during the course of interrogation, the volunteer was shown covert photos of me outside the Reykjavik restaurant "Icelandic Fish & Chips", where a WikiLeaks production meeting took place on Wednesday March 17--the day before individuals operating under the name of the U.S. State Department boarded my flight to Copenhagen.

Our production meeting used a discreet, closed, backroom, because we were working on the analysis of a classified U.S. military video showing civilian kills by U.S. pilots. During the interrogation, a specific reference was made by police to the video---which could not have been understood from that day's exterior surveillance alone. Another specific reference was made to "important", but unnamed Icelandic figures. References were also made to the names of two senior journalists at the production meeting.

[...]

How many WIkiLeakS.org volunteers are willing or unwilling (e.g. through coercion after having been arrested), agents or informers ("Covert Human Intelligence Sources" in UK legal parlance), for various police, intelligence agencies and private sector interested parties ?

Tags:

Since WikiLeakS.org continue to refuse to open up their website wiki for comments and discussion, as before, it is hard to be sure whether their unreliable Twitter stream broadcasts are credible or not.

Presumably this is the drone / ground attack aeroplane video footage for which an appeal and a thank you appeared on this Twitter stream, for access to supercomputer numbercrunching to de-crypt as mentioned in our previous blog article (Doubts about the claim that "U.S. Intelligence planned to destroy WikiLeaks" - new window">

WikiLeaks is currently under an aggressive US and Icelandic surveillance operation. Following/photographing/filming/detaining.

Tags:

WikiLeakS.org, are still "on strike", awaiting more financial donations, but they do continue to publish a few headline grabbing "leaks", without the full wiki system which used to allow readers to analyse and comment on them on the website itself.

We cannot see much evidence of any actual "plan", only a statement of the obvious, that if US Military whistleblowers are tracked down and disciplined or prosecuted, this may have a deterrent effect on future leaks, in general and to Wikileaks in particular.

WikiLeakS.org point out that none of that has happened, as yet, in the couple of years since this intelligence report was compiled.

There is mention of foreign i.e. non-USA potential Computer Network Exploitation (CNE) and / or Computer Network Attacks (CNA) on wikileaks, but with no mention of any US military capabilities or policies in these areas.

This product responds to HQ, Department of Army, production requirement C764-97-0005.

ACIC Product Identification Number is RB08-0617.

[...]

(U) This special report assesses the counterintelligence threat posed to the US Army by the Wikileaks.org Web site.

Julian Assange, one of the main WikiLeakS.org activists, uses this paragraph (marked as Secret / Not for Foreigners), at the end of the Executive Summary on page 3 of 32 (also as the start of the Conclusions on page 21 of 32) , to make the "claim that "U.S.Intelligence planned to destroy WikiLeaks"

(S//NF) Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the Web site that they will remain anonymous. The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.

All of that also applies to most other organisations or companies, whose confidential documents end up on WikiLeakS.org, not just those belonging to the US Army.

This one paragraph out of a 32 page report does not seem to be any sort of "plan", just a statement of the obvious.

(S/NF) stands for "Secret / Not for Foreigners", a marking which is used on many of the paragraphs in this report, which also contains (U) unclassified paragraphs as well.

Interestingly Julian does not mention this paragraph (pages 5 and 6):

(S//NF) The obscurification technology[9] used by Wikileaks.org has exploitable vulnerabilities. Organizations with properly trained cyber technicians, the proper equipment, and the proper technical software could most likely conduct computer network exploitation (CNE) operations or use cyber tradecraft to obtain access to Wikileaks.org's Web site, information systems, or networks that may assist in identifying those persons supplying the data and the means by which they transmitted the data to Wikileaks.org. Forensic analysis of DoD unclassified and classified networks may reveal the location of the information systems used to download the leaked documents. The metadata, MD5 hash marks, and other unique identifying information within digital documents may assist in identifying the parties responsible for leaking the information. In addition, patterns involving the types of leaked information, classification levels of the leaked information, development of psychological profiles, and inadvertent attribution of an insider through poor OPSEC could also assist in the identification of insiders.

Reference [9] is :

[9] (U) Obscurification technology: the science of obscuring or hiding objects and information.

The report carefully does not say that United States military, intelligence or law enforcement organisations could or should be involved in "computer network exploitation (CNE) operations or use cyber tradecraft" using these old vulnerabilities in, for example, Tor , instead suggesting that it could be Foreign organisations (FISS = Foreign Intelligence and Security Services) instead (page ):

(U) The OPSEC measures used in the submission of leaked information to Wikileaks using the Internet are designed to protect the identity and personal security of the persons or entities sending or posting information to the Web site. Wikileaks.org claims that any attempt at trace routing of IP addresses, MAC addresses, and other identifying information of a home computer submissions (as opposed to cyber café submissions) through Wikileaks.org's Internet submission system would require a knowledge of information available only to Wikileaks.org programmers and to a rights organization serving the electronic community, or would require specialized ubiquitous traffic analysis of Internet messages and routing systems. Nevertheless, it remains technically feasible for FISS, law enforcement organizations, and foreign businesses that have the motivation, intentions, capability, and opportunity to gain online access or physical access to Wikileaks.org information systems to identify and trace whistleblowers through cyber investigations, advanced cyber tools, and forensics.[11]

It is worth repeating the Questions raised in the Intelligence Gaps section of this document (pages 20 and 21)

(U) Intelligence Gaps

(S//NF) What individual persons or entities are leaking DoD sensitive or classified information to Wikileaks.org, and are they working on behalf of a foreign agent or power? What are the reasons, intentions, and motivations of the current or former insider?

(S//NF) Is the potential insider leaking the information to Wikileaks.org a former employee of the US government or a mole still working for the US government? How is the insider sending digital information to Wikileaks.org? What cyber or other tradecraft is the perpetrator using?

(S//NF) Will the Wikileaks.org Web site be used by FISS, foreign military services, foreign insurgents, or terrorist groups to collect sensitive or classified US Army information posted to the Wikileaks.org Web site?

(S//NF) Will the Wikileaks.org Web site be used by FISS, foreign military services, or foreign terrorist groups to spread propaganda, misinformation, or disinformation or to conduct perception or influence operations to discredit the US Army?

(S//NF) Will the Wikileaks.org Web site be used for operational or cyber tradecraft to pass information to or from foreign entities?

(S/NF) Will the Wikileaks.org Web site developers obtain new software for Web site development, management, security, encryption of messages or files, or posting anonymous information to the Web site?

(S//NF) Will foreign entities attempt to conduct CNE or CNA to obtain information on the posters of information or block content on the Wikileaks.org Web site?

(S//NF) What software, tactics, techniques, and procedures would be used by a foreign actor to conduct CNE or CNA against the Web site?

CNE = computer network exploitation
CNA = computer network attack

(S//NF) Will foreign persons, businesses, or countries attempt civil lawsuits or criminally prosecute whistleblowers, Wikileaks.org staff, and members who posted comments on the Web site?

(S//NF) Will Wikileaks.org and various users expand the data fields in the TOE SQL
database to include equipment capabilities, equipment limitations and vulnerabilities, known unit locations, links to geospatial information services, or known unit personnel to
develop ―battle books for targeting packages?

(S//NF) What other leaked DoD sensitive or classified information has been obtained by Wikileaks.org?

(S//NF) Will foreign organizations such as FISS, foreign military services, foreign insurgents, or terrorist groups provide funding or material support to Wikileaks.org?

It is interesting that this SECRET / NOFORN (NOFORN = Not releasable to Foreign Nationals, equivalent to "UK Eyes Only") document cites this Spy Blog article 3 times cited 3 times as references [39, 40 and 41]
e.g.

(U) Spy Blog. ―Is Wikileaks.org the Right Idea for a Whistleblowing Website? 5 January 2007.
URL: http://p10.hostingprod.com@spyblog.org.uk/blog/2007/01/is_wikileaks.org_the_right_idea_for_a_ whistleblowing_website/html. Moved from URL: www.spy.org.uk/spyblog. Accessed on 17 December 2007.

This URL has got mangled somewhat, so interested readers should go to:

It is worth comparing the "Intelligence Gaps" questions with the original Spy Blog questions about the whole WikiLeakS.org project, which are cited 3 times as a reference [39, 40 and 41]

Perhaps "U.S. Intelligence planned to destroy WikiLeaks", but this leaked document does not provide hard evidence of that rather sensational claim.

The intelligence report rightly pays respect to the technical work involving SQL database cross referencing of the Iraq war equipment register by WikileakS.org activists and others. The September 11th 2001 pager messages project was also impressive.

However the intelligence report is not sceptical enough about some of the unproven claims made by WikiLeakS.org e.g. where exactly are the more than a million leaked Chinese documents ? They were not available via the wiki, when it was running.

Similarly, the claim to use PGP encryption to protect whistleblowers is false and the "easy to use" encryption software for CDs and DVDs sent via postal mail, has also never materialised.

Any future revision of this intelligence report on WikiLeakS.org should perhaps look at how the core activists are not actually content with waiting for other people to send them "Leaked" documents,, but are actively trying to create new documents etc. which have never been "leaked" by anyone in the first place.

If the US Army was worried about WIkiLeakS.org a couple of years ago, then some of the recent developments might cause them further anxiety.

I'd like to show you an interview with Julian Assange, the spokesperson of
Wikileaks, on my students' blog. On the Chaos Communication Congress in
Berlin, a hacker event, I had the chance to talk with him, about the economic and financial aspects of the website (at the moment it is shut down in order to generate money) and about the relationship of Wikileaks and mainstream media.

It was planned as a very small interview of only some minutes, about the
media economy of a non-commercial web project, but then we talked for nearly
an hour and he talked about some really new aspects of Wikileaks.

There is probably five people that do it 24 hours a day. And then it's 800 people who do it sometimes over a year. And in between there is a spectrum.

How do you and the other four guys who work full time without getting paid finance your flat and your bread?

I made money in the internet. So I have enough money to do that, but also not forever. And the other four guys, in the moment they are also able to self-finance.

[...]

So in the moment the labour costs are still hypothetical, but the big costs that you really have to pay bills for are servers, office, etc.?

The bandwidth side, the backing is costly as well when we get big spikes. Then there are registrations, bureaucracy, dealing with bank accounts and this sort of stuff. Because we are not in one location, it doesn't make sense for us to have headquarters. People have their own offices across the world.

What about cost for lawsuits?

We don't have to pay for our lawyer's time. Hundred of thousands or millions dollars worth of lawyer time are being donated. But we still have to pay things like photocopying and court filing. And so far we have never lost a case, there were no penalties or compensations to pay.

So all in all, can you give figures about how much money Wikileaks needs in one year?

Probably 200.000, that's with everyone paying themselves. But there are people who can't afford to continue being involved fulltime unless they are paid. For that I would say maybe it's 600.000 a year.

Private donations. We refuse government and corporate donations. In the moment most of the money comes from the journalists, the lawyers or the technologists who are personally involved. Only about ten percent are from online donations. But that might increase.

At the bottom of the site is a list of your "steadfast supporters", media organisations and companies like AP, Los Angeles Times or The National Newspaper Association. What do they do for you?

They give their lawyers, not cash.

[...]

You need to motivate two groups of people, in order to make the site running, the whistleblowers and the journalists. What are the motivations for whistleblowers?

Usually they are incensed morally by something. Very rarely actually they want revenge or just to embarrass some organisation. So that's their incentive, to satisfy this feeling. Actually we would have no problem giving sources cash. We don't do that, but for me there is no reason why only the lawyers and the journalists should be compensated for their effort. Somebody is taking the risk to do something and this will end up benefiting the public.

But then the legal problem would become much bigger.

Yes, but we're not concerned about that. We could do these transfer payments to a jurisdiction like Belgium which says, that the authorities are not to use any means to determine the connection between the journalist and their source. And this would include the banking system.

Exactly how strong is this legal protection in Belgium, against the revelation of whistleblower sources through the tracking of financial payments, in practice ?

If they cite "national security" or "terrorism" or "serious organised crime" etc investigations, then the US and EU governments seem to be able to legally snoop on the >Society for Worldwide Interbank Financial Telecommunication (SWIFT) international banking money transfer system, which is also legally based in Belgium

On the other side you experiment with incentives for journalists. This sounds weird in the beginning. Why do you have to give them additional incentives so they use material you offer them for free?

It's not that easy. Information has value, generally in proportion to the supply of this information being restricted. Once everyone has the information, another copy of the information has no value.

In Germany you made an exclusivity deal with two media companies, the Stern and Heise. Are you satisfied with these kind of deals?

We did this in other countries before. Generally we have been satisfied. The problem is it takes too much time to manage. To make a contract, and to determine who should have the exclusivity. Someone can say, oh, we will do a good story. We are going to maximize the political impact. And then they won't do it. How do we measure this?

According to this WikiLeak.org blog comment , seemingly by Julian Assange, they have not done so with The Guardian newspaper in the United Kingdom.

This raises the question about the cases,like The Guardian's reporting of the Trafigura / Carter-Ruck "secret super injunction", where our impression is that WikiLeakS.org appear to be getting their whistleblower leaks from mainstream media journalists themselves, either unofficially, or with the management turning a blind eye.

[...]

What happened?

This auction proved to be a logistical nightmare. Media organisations wanted access to the material before they went to auction. So we would get them to sign non-disclosure agreements, chop up the material and release just every second page or every second sentence.That was too distracting to all the normal work we were doing, so that we said, forget it, we can't do that. We just released the material as normal. And that's precisely what happened: No one wrote anything at all about those 7.000 Emails. Even though 15 stories had appeared about the fact that we were holding the auction.

The experiment didn't fail, the experiment taught us about what the burdens were. We would actually need a team of five or six people whose job was just to arrange these auctions.

You plan to continue the auction idea in the future ...

We plan to continue it, but we know it will take more resources. But if we pursue that we will not do that for single documents. Instead we will do a subscription. This would be much simpler. We would only have the overhead of doing the auction stuff every three months or six months, not for every document.

So the exclusivity of the story will run out after three months?

No, there will be exclusivity in terms of different time windows in access to the material. As an example: there will be an auction for North America. And you will be ranked in the auction. The media organisation who bids most in the auction, would get access to it first, the one who bids second will get access to it second and so on. Media organisations would have a subscription to Wikileaks.

We would be interested to hear from media lawyers about whether or not mainstream media organisations really are in a legal position to sign exclusivity subscription deals with WikiLeakS.org.

Tags:

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

Campaign Button Links

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."